Total: 22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25419 | 1 Samsung | 1 Internet | 2021-06-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display a fake URL in the address bar via a phishing URL link. | |||||
| CVE-2019-0126 | 1 Intel | 96 Xeon Bronze Processors, Xeon Bronze Processors Firmware, Xeon D-1513n and 93 more | 2021-06-21 | 7.2 HIGH | 6.7 MEDIUM |
| Insufficient access control in silicon reference firmware for Intel(R) Xeon(R) Scalable Processor, Intel(R) Xeon(R) Processor D Family may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. | |||||
| CVE-2021-0324 | 1 Google | 1 Android | 2021-06-21 | 10.0 HIGH | 9.8 CRITICAL |
| Product: Android. Versions: Android SoC. Android ID: A-175402462 | |||||
| CVE-2010-4051 | 1 Gnu | 1 Glibc | 2021-06-18 | 5.0 MEDIUM | N/A |
| The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow." | |||||
| CVE-2018-15352 | 1 Kraftway | 2 24f2xg Router, 24f2xg Router Firmware | 2021-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| An attacker with low privileges can cause denial of service in Kraftway 24F2XG Router firmware version 3.5.30.1118. | |||||
| CVE-2020-27402 | 1 Hindotech | 2 Hk1 Box S905x3, Hk1 Box S905x3 Firmware | 2021-06-17 | 7.2 HIGH | 7.8 HIGH |
| The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb. | |||||
| CVE-2018-17178 | 1 Neatorobotics | 10 Botvac D3 Connected, Botvac D3 Connected Firmware, Botvac D4 Connected and 7 more | 2021-06-17 | 2.9 LOW | 5.3 MEDIUM |
| An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though the web socket replies with { "message" : "invalid authorization header" }. Without an active session, commands are still interpreted, but (except for eco-on and eco-off) have no effect, since without active driving, a driving direction does not change anything. | |||||
| CVE-2021-31946 | 1 Microsoft | 1 Paint 3d | 2021-06-17 | 6.8 MEDIUM | 6.6 MEDIUM |
| Paint 3D Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31945, CVE-2021-31983. | |||||
| CVE-2021-20730 | 1 Buffalo | 4 Wsr-1166dhp3, Wsr-1166dhp3 Firmware, Wsr-1166dhp4 and 1 more | 2021-06-17 | 3.3 LOW | 4.3 MEDIUM |
| Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allows an attacker to obtain configuration information via unspecified vectors. | |||||
| CVE-2021-25398 | 1 Samsung | 1 Bixby Voice | 2021-06-16 | 2.1 LOW | 3.3 LOW |
| Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows an attacker to access contacts. | |||||
| CVE-2021-26198 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in JerryScript 2.4.0. There is a SEGV in ecma_deref_bigint in the ecma-helpers.c file. | |||||
| CVE-2017-12624 | 1 Apache | 1 Cxf | 2021-06-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property "attachment-max-header-size". | |||||
| CVE-2017-3156 | 1 Apache | 1 Cxf | 2021-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks. | |||||
| CVE-2018-20060 | 2 Fedoraproject, Python | 2 Fedora, Urllib3 | 2021-06-15 | 5.0 MEDIUM | 9.8 CRITICAL |
| urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. | |||||
| CVE-2021-20728 | 1 Nttr | 1 Goo Blog | 2021-06-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper access control vulnerability in goo blog App for Android ver.1.2.25 and earlier and for iOS ver.1.3.3 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | |||||
| CVE-2021-31949 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2021-06-15 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||
| CVE-2021-23392 | 1 Locutus | 1 Locutus | 2021-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| The package locutus before 2.0.15 is vulnerable to Regular Expression Denial of Service (ReDoS) via the gopher_parsedir function. | |||||
| CVE-2011-1935 | 1 Tcpdump | 1 Libpcap | 2021-06-15 | 7.5 HIGH | 9.8 CRITICAL |
| pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets, which might allow remote attackers to send arbitrary data while avoiding detection via crafted packets. | |||||
| CVE-2021-31963 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2021-06-15 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26420, CVE-2021-31966. | |||||
| CVE-2021-31964 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2021-06-15 | 5.5 MEDIUM | 8.1 HIGH |
| Microsoft SharePoint Server Spoofing Vulnerability. This CVE ID is unique from CVE-2021-31948, CVE-2021-31950. | |||||
